Authors:
Buzzy Brown, James Hawk
Abstract:
This disclosure proposes an alternative communication path for the authorization of credit for those times when the Retailer's network is not working.
Background:
If a POS terminal loses communication with a credit authorization service, the store may have to decline POS transactions (over a certain amount) or may incur additional risks and fees if it accepts the off-line payment. By utilizing existing data communication capabilities in shopper’s devices (smartphone), full authorization with the credit service is possible. This covers cases when the individual POS terminal or the entire store has lost network connectivity.
Description:
Prior to a particular shopping trip (i.e. prior to entering the physical store), shoppers pre-register their participation in an ad hoc network using their smartphone and a Retailer’s app. Most Major Retailers have their own store apps.
Incentives to participate may include actual money, store credit, or special discounts – but this is not part this disclosure.
In one use case, multiple shoppers have connected to the store’s wifi when entering the physical store and allow for parallel communication paths from the store to the Internet. Should the need arise, the credit authorization data would be encrypted, split into “n” payloads and send via “n” shoppers’ smartphones. The App would receive a portion of the authorization payload and forward to the POS terminal. The POS terminal would reassemble and decrypt the response to allow the transaction to complete.
Even though the data is encrypted, security is improved since no single phone would have the complete payload in either direction.
In a more severe outage that prevents in-store Wi-Fi communications, communication paths could be established between the POS terminal (PIN Pad) and 1 or more smartphones using Bluetooth, NFC, or an ad hoc Wi-Fi network.
In another implementation, communication could be established using images, such as QR codes, that the POS terminal would create (encrypted of course), the smartphone would read (using its camera) and forward to the credit authorization service. After the smartphone receives the authorization response, it would create an image (QR code) that contains the encrypted payload of the authorization response. The POS terminal would read this using a bar code scanner, decrypt, and process the authorization response data. As a refinement, the payloads would contain identifiers (tokens) for the POS transaction/terminal/store and the shopper to ensure authenticity. This would be one means of preventing spoofing of authorization responses.
Enabling Technology:
RABID: Random Auctions for Bandwidth in Internet Devices
https://econcs.seas.harvard.edu/sites/g/files/omnuum6346/files/econcs/files/jhoon_thesis.pdf
TGCS Reference 00518
